Go to top of page

Safe or risky: saving passwords in your browser

19 September 2017

It’s convenient and easy—especially as we can’t remember so many passwords—so when our browser helpfully offers to save our login credentials, why would we say no?

Is saving passwords in our browser really that much riskier than a password manager? What’s the difference?

How it works

Chrome saves your passwords in your Google account. Once logged into your account, all your passwords are visible. This means that if your account is hacked, the hacker has access to all your other accounts.

Firefox and Safari save your passwords in your browser settings (under security) and if you have access to the device, you can open all the passwords without any login step.

Internet Explorer saves your passwords in your browser, but does not show your saved passwords. However, there is an easy to find tool that can expose these passwords.

So with this in mind, are your passwords safe?

Google has some good security features, alerting you to unusual logins that helps, but ultimately, if your Google account is compromised, so are all your passwords.

Firefox, Safari and Internet Explorer offer no protection if a hacker gets hold of your physical device.

A password manager stores your passwords offline and requires additional authentication. This is the safest option.

Stay Smart Online recommends using two-factor authentication wherever possible. This is truly your best defence.

What to do now

  • Download a reputable password manager and secure it with a strong password.
  • Go to your security settings and remove all stored passwords, in all your browsers.
  • Turn off the auto-prompt offering to store passwords.
  • Turn on two-factor authentication wherever possible.

Read more about strong passwords and two-factor authentication.